package com.py.framework.core.filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.springframework.util.CollectionUtils;

/**
 * 跨域资源共享过滤器
 * @author Leegern
 * @date   2018年4月17日
 */
public class CorsFilter implements Filter {
	/** 允许访问的客户端域名 **/
	private String allowOrigin; 
	/** 允许访问的方法名 **/
    private String allowMethods;
    /** 是否允许请求带有验证信息 **/
    private String allowCredentials;
    /** 允许服务端访问的客户端请求头 **/
    private String allowHeaders;
    /** 允许客户端访问的服务端响应头 **/
    private String exposeHeaders;
	
	/*
	 * (non-Javadoc)
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
	 */
	@Override
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;  
        HttpServletResponse response = (HttpServletResponse) res;  
        
        String currentOrigin = request.getHeader("Origin");
        if (StringUtils.isNotBlank(allowOrigin)) {
            List<String> allowOriginList = Arrays.asList(allowOrigin.split(","));  
            if (! CollectionUtils.isEmpty(allowOriginList)) {  
                if (allowOriginList.contains(currentOrigin)) {  
                    response.setHeader("Access-Control-Allow-Origin", currentOrigin);
                }  
            }  
        } else {
        	response.setHeader("Access-Control-Allow-Origin", currentOrigin);
        }
        if (StringUtils.isNotBlank(allowMethods)) {  
            response.setHeader("Access-Control-Allow-Methods", allowMethods);  
        }  
        if (StringUtils.isNotBlank(allowCredentials)) {  
            response.setHeader("Access-Control-Allow-Credentials", allowCredentials);  
        }  
        if (StringUtils.isNotBlank(allowHeaders)) {  
            response.setHeader("Access-Control-Allow-Headers", allowHeaders);  
        }  
        if (StringUtils.isNotBlank(exposeHeaders)) {  
            response.setHeader("Access-Control-Expose-Headers", exposeHeaders);  
        }  
        chain.doFilter(req, res); 
	}
	
	/*
	 * (non-Javadoc)
	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
	 */
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		allowOrigin      =  filterConfig.getInitParameter("allowOrigin");
		allowMethods     =  filterConfig.getInitParameter("allowMethods");
		allowCredentials =  filterConfig.getInitParameter("allowCredentials");
		allowHeaders     =  filterConfig.getInitParameter("allowHeaders");
		exposeHeaders    =  filterConfig.getInitParameter("exposeHeaders");  
	}
	
	/*
	 * (non-Javadoc)
	 * @see javax.servlet.Filter#destroy()
	 */
	@Override
	public void destroy() {
		
	}
}